X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=html%2Fmain.php;h=3e1363f1a42bbc0f170eae3e8c8bcab118b6f2f4;hb=2cadbceebc3ef4ef66b05c0989c3d389aae76073;hp=afebb93525cac33ce0b4a2a9b959fda6d6fd0629;hpb=23568ca41f8d48402c59f99ff4697aa40fda8a9f;p=gosa.git
diff --git a/html/main.php b/html/main.php
index afebb9352..3e1363f1a 100644
--- a/html/main.php
+++ b/html/main.php
@@ -19,6 +19,7 @@
*/
/* Basic setup, remove eventually registered sessions */
+$start = microtime();
$timing= array();
require_once ("../include/php_setup.inc");
require_once ("functions.inc");
@@ -32,9 +33,22 @@ $domain = 'messages';
bindtextdomain($domain, "$BASE_DIR/locale");
textdomain($domain);
+/* Set cookie lifetime to one day (The parameter is in seconds ) */
+session_set_cookie_params(24*60*60);
+
+/* Set cache limter to one day (parameter is minutes !!)*/
+session_cache_expire(60*24); // default is 180
+
+/* Set session max lifetime, to prevent the garbage collector to delete session before timeout.
+ !! The garbage collector is a cron job on debian systems, the cronjob will fetch the timeout from
+ the php.ini, so if you use debian, you must hardcode session.gc_maxlifetime in your php.ini */
+ini_set("session.gc_maxlifetime",24*60*60);
+
/* Remember everything we did after the last click */
-session_set_cookie_params(2*60*60);
session_start ();
+
+$_SESSION['limit_exceeded'] =FALSE;
+
if ($_SERVER["REQUEST_METHOD"] == "POST"){
@DEBUG (DEBUG_POST, __LINE__, __FUNCTION__, __FILE__, $_POST, "_POST");
}
@@ -48,7 +62,9 @@ if (!isset($_SESSION['config'])){
}
/* Reset errors */
-$_SESSION['errors']= "";
+$_SESSION['errors'] = "";
+$_SESSION['errorsAlreadyPosted']= array();
+$_SESSION['LastError'] = "";
/* Check for uniqe ip address */
$ui= $_SESSION["ui"];
@@ -59,6 +75,35 @@ if ($_SERVER['REMOTE_ADDR'] != $ui->ip){
}
$config= $_SESSION['config'];
+
+/* Check for invalid sessions */
+if(empty($_SESSION['_LAST_PAGE_REQUEST'])){
+ $_SESSION['_LAST_PAGE_REQUEST']= time();
+}else{
+
+ /* check GOsa.conf for defined session lifetime */
+ if(isset($config->data['MAIN']['SESSION_LIFETIME'])){
+ $max_life = $config->data['MAIN']['SESSION_LIFETIME'];
+ }else{
+ $max_life = 60*60*2;
+ }
+
+ /* get time difference between last page reload */
+ $request_time = (time()-$_SESSION['_LAST_PAGE_REQUEST']);
+
+ /* If page wasn't reloaded for more than max_life seconds
+ * kill session
+ */
+ if($request_time > $max_life){
+ session_unset();
+ gosa_log ("main.php called without session - logging out");
+ header ("Location: logout.php");
+ exit;
+ }
+ $_SESSION['_LAST_PAGE_REQUEST'] = time();
+}
+
+
@DEBUG (DEBUG_CONFIG, __LINE__, __FUNCTION__, __FILE__, $config->data, "config");
/* Set template compile directory */
@@ -90,6 +135,11 @@ if ($config->data['MAIN']['LANG'] == ""){
$lang= $config->data['MAIN']['LANG'];
}
+/* Preset current main base */
+if(!isset($_SESSION['CurrentMainBase'])){
+ $_SESSION['CurrentMainBase']= get_base_from_people($ui->dn);
+}
+
$lang.=".UTF-8";
putenv("LANGUAGE=");
putenv("LANG=$lang");
@@ -111,8 +161,7 @@ $plist= $_SESSION['plist'];
/* Check for register globals */
if (isset($global_check) && $config->data['MAIN']['FORCEGLOBALS'] == 'true'){
- print_red (_("Register globals is on. GOsa will refuse to login unless this is fixed by an administrator."));
- echo $_SESSION['errors'];
+ echo _("FATAL: Register globals is on. GOsa will refuse to login unless this is fixed by an administrator.");
gosa_log ("Register globals is on. For security reasons, this should be turned off.");
session_destroy ();
exit ();
@@ -194,8 +243,6 @@ if ($_SERVER["REQUEST_METHOD"] == "POST"){
/* Load department list when plugin has changed. That is some kind of
compromise between speed and beeing up to date */
if (isset($_GET['reset'])){
- $config->departments= get_departments();
- $config->make_idepartments ();
if (isset($_SESSION['objectinfo'])){
unset ($_SESSION['objectinfo']);
}
@@ -250,7 +297,6 @@ $smarty->assign ("plug", "$plug");
$header= "".$smarty->fetch(get_template_path('headers.tpl'));
-
/* React on clicks */
if ($_SERVER["REQUEST_METHOD"] == "POST"){
@@ -258,6 +304,14 @@ if ($_SERVER["REQUEST_METHOD"] == "POST"){
lock at this point globally. Plugins do not need to remove it. */
if (isset($_POST['delete_lock']) && isset($_SESSION['dn'])){
del_lock ($_SESSION['dn']);
+
+ /* Set old Post data */
+ if(isset($_SESSION['LOCK_VARS_USED'])){
+ foreach($_SESSION['LOCK_VARS_USED'] as $name => $value){
+ $_GET[$name] = $value;
+ $_POST[$name] = $value;
+ }
+ }
sess_del ('dn');
}
@@ -284,13 +338,30 @@ if (isset ($_SESSION['post_cnt'])){
if (is_file("$plugin_dir/main.inc")){
require_once ("$plugin_dir/main.inc");
} else {
- print_red(sprintf(_("Can't find any plugin definitions for plugin '%s'!"), $plug));
- echo $_SESSION['errors'];
+ echo sprintf(_("FATAL: Can't find any plugin definitions for plugin '%s'!"), $plug);
exit();
}
/* Close div/tables */
+
+ /* check if we are using account expiration */
+
+ if((isset($config->data['MAIN']['ACCOUNT_EXPIRATION'])) &&
+ preg_match('/true/i', $config->data['MAIN']['ACCOUNT_EXPIRATION'])){
+
+ $expired= ldap_expired_account($config, $ui->dn, $ui->username);
+
+ if ($expired == 2){
+ gosa_log ("password for user \"$ui->username\" is about to expire");
+ print_red(_("Your password is about to expire, please change your password"));
+ }
+ }
+
+/* Print_out last ErrorMessage repeated string. */
+print_red(NULL);
+
$smarty->assign("contents", $display);
+
if (isset($_SESSION['errors'])){
$smarty->assign("errors", $_SESSION['errors']);
}
@@ -301,40 +372,42 @@ if ($error_collector != ""){
}
$display= $header.$smarty->fetch(get_template_path('framework.tpl'));
-/*if (isset($config->data['MAIN']['W3CTEST']) && preg_match('/true/i', $config->data['MAIN']['W3CTEST'])) {
- $tidy = new tidy();
- $config = array('indent' => TRUE,
- 'output-xhtml' => TRUE,
- 'wrap' => 200);
- $display = tidy_parse_string($display, $config, 'UTF8');
- tidy_clean_repair($display);
- $cnt = (tidy_error_count($display))+(tidy_warning_count($display));
- if($cnt != 0){
- echo "
"._("Generating this page caused the W3C conformance checker to raise some errors!")."